feat: auth & admin

README.md

@@ -25,21 +25,25 @@ app/
 `application` depends on domain ports; `infrastructure`/`api` are the outer ring
 and are wired together at the composition root (`app/main.py`, `app/api/deps.py`).
 
-## Quick start (Docker)
+## Build (Docker)
+
+This repo ships only its own `Dockerfile` — the image runs anywhere and gets
+every peer (Postgres, Redis, media path) from env. It carries **no**
+orchestration. Full-stack wiring lives in the workspace compose one level up
+(`../docker-compose.yml`, alongside `mcma-webui`):
 
 ```bash
-cp .env.example .env          # then set a real JWT_SECRET
-docker compose up --build     # api on :8000, worker, postgres, redis
-curl localhost:8000/health    # {"status":"ok"}
-curl localhost:8000/health/ready
+docker build -t mcma-backend .                  # build just this service
+# or, from the workspace root, the whole stack:
+docker compose --profile app up --build         # db, redis, api, worker, webui
 ```
 
 ## Local dev (without Docker)
 
 ```bash
 uv sync                       # install deps (uses managed Python 3.14)
-# start Postgres + Redis (e.g. `docker compose up db redis`)
-cp .env.example .env
+# start backing services from the workspace root: `docker compose up -d` (db + redis)
+cp .env.example .env          # then set a real JWT_SECRET
 uv run uvicorn app.main:app --reload
 ```